Free Malware Removal Forum

Hey everyone, I had posted a thread about 5 months back about a trojan/virus attack I had. We had eventually figured it was a rootkit but couldn't be seen for some reason. We got rid of most all the strange activity, but still had a few strange things going on, nothing I couldn't deal with. Mainly just a popup box whenever I started my computer telling me a certain file couldn't be found and to make sure it still exists or delete it from the registry.

Just the other day it acted funny and I noticed my MSE had shut down and acted like it couldn't start because it was missing some service files. I tried to restart the service but it tells me it's not even there anymore. I would also get errors on host processes for Windows service had stopped working. It would drop host processes about every 15 minutes.

In the meantime I did a scan with Malwarebytes and came up with an exploit,drop.cfg trojan.

I got on the MSE forums to try and get that back up again and deleted all my old AVG programs and files, deleted and reinstalled MSE again, which got that going again. It never came up with anything in new scans but as I was looking through the MSE history, I found about 150 instances of it finding a trojan Win64/siefef.w over the last couple days which it quarantined. The trojan attacks have stopped and so have the dropped hosts, but I noticed that Windows Firewall will not start up due to an undisclosed problem. So there is still something going on.

It also had been freezing a lot during the early stages but that seems to be gone now. Some of the other strange things seem to be if I move my desktop icons around, they will be put back to the default positions every time I reboot. Windows Security Center cannot be started. It says the service is turned off and will not start when I try to restart it. I had a severely old version of Java, which may have been the source of the attack, but have since updated it, but when I go back to their site to show me which version I have, it always tells me I'm running the old version. Do I need to delete the old version? Same goes for IE9. I downloaded it but it always wants to run IE8.

Sorry for such a long post, just wanted to tell everything about this. I do have a ghosted version of my HDD saved, so if all else fails, I can go back to it. Sounds like whatever this is won't let me start up much of my malware services. Malwarebytes has shown clean since the first exploit file was found. I have also seen many sites that claim to remove the Trojan Win64/siefef.w problem but of course most of them just want to get you to buy their inferior product. Is trojanremoval.org a reputable site?

Your forums and sites have been very helpful to me in the past and I want to thank everyone involved here for their help so far.

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

Vista - W7 users: Right-click and select "Run As Administrator".

If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.

Click the Start Scan button. Do not use the computer during the scan!

If the scan completes with nothing found, click Close to exit.

If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.

Ensure SKIP is selected... DO NOT attempt to FIX anything yet!

Now click on Report to open the log file created by TDSSKiller in your root directory C:\

A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).

As I was looking around I came upon the system restore program. I gave it a try and it brought back my old resolution and put everything back where it was. Hey! I thought I had it whipped. But then IE8 would crash every time I opened it. I did tons of searches and couldn't get it figured out, so I restored it back to where it was yesterday. So I guess that didn't work.

I guess we'll just keep on trying.

If for some reason we can't get it figured out, it's no big deal. I have another copy of this drive ghosted. I'll just revert back to it. But I do like seeing the process we go through to try and get this figured out. Very informative. Let me know if you are swamped with help requests. I can bow out and swap drives, and you can go on to help someone that needs the help more than me.

Your logs do not show any signs of malware. I am afraid that the malware cannot be detected, as outlined by askey in your previous topic; therefore I would recommend you to reformat and reinstall your operating system.

Thank you for your time Alander. You guys do a special service for those that need the help and should be commended for that.

I too had thought maybe it did get cleaned somewhere along the line but with the little quirks left behind I just wanted to make sure. I definitely will do the reformat, it's about time anyway. Thanks again.
